mcp -auditor

This MCP server enables natural-language querying and analysis of historical Activity Records from Netwrix Auditor. When connected through an MCP-compatible client like Claude Desktop, you can ask questions such as ": Show me failed login attempts in the last 30 days" or ": List activity records related to file server changes by user X." The server acts as a bridge between Claude Desktop and Netwrix Auditor, translating natural language queries into API calls or data retrieval operations against your Netwrix Auditor instance, and then summarizing results back to you. To use it, configure Claude Desktop (or another MCP client) to run the server with the Netwrix API credentials, and then begin asking questions about audit data, investigations, or reports. The tooling supports typical MCP-driven conversations: fetching records by date ranges, filtering by user, object, activity type, and generating concise summaries suitable for investigation briefs.

Key capabilities include: securely connecting to your Netwrix Auditor API endpoint, authenticating with a Netwrix user account, retrieving Activity Records, performing targeted queries (by user, date, object, or event type), and returning results in a structured, natural-language-friendly format. The workflow is designed to streamline investigations and enable complex data retrieval through conversational prompts rather than manual queries.

Prerequisites:

• Netwrix Auditor 10.6 or later installed and actively collecting audit data.
• A functioning MCP-compatible client (e.g., Claude Desktop).
• A Netwrix Auditor user account with read access to Activity Records.
• Access to install or run your preferred deployment method (Windows MSI installer or local/source deployment).

Option A: Install via MSI Installer (recommended on Windows)

1. Download the MSI installer from the Releases page: https://github.com/netwrix/mcp-server-auditor/releases and select NetwrixAuditorMCPServer-Setup.msi.
2. Run the installer and follow the on-screen prompts. The installer will prompt for Netwrix API URL, username, and password. Example defaults for API URL: https://localhost:9699.
3. Complete the installation. The installer registers the server with Claude Desktop automatically.
4. Restart Claude Desktop to apply changes. Open Claude Desktop and verify the Netwrix Auditor tools appear under the tools icon (🔨).

Option B: Local installation from source (dotnet-based) Prerequisites:

• .NET SDK 9.0 or later
• Git (optional for clone)
• Access to the source repository Steps:

1. Clone or download the repository and locate the main server project (the .csproj file).
2. Ensure you have the necessary dependencies restored and build the project: dotnet build
3. Run the server from source via Claude Desktop configuration:
   • Prepare claude_desktop_config.json with an entry similar to: { "mcpServers": { "netwrix-auditor-local": { "command": "dotnet", "args": [ "run", "--project", "C:\path\to\your\cloned\repo\YourServerProject\YourServerProject.csproj", "--no-build" ], "cwd": "C:\path\to\your\cloned\repo\YourServerProject", "env": { "NETWRIX_API_URL": "https://your-netwrix-server:9699", "NETWRIX_API_USERNAME": "domain\user", "NETWRIX_API_PASSWORD": "YOUR_NETWIX_PASSWORD" } } } }
4. Replace paths with the actual absolute paths on your system. Save the config and load Claude Desktop to use the local server.

Notes:

• For Windows, you can also run the server as a service or use the MSI installer for a managed deployment.
• Ensure the API URL, username, and password are kept secure and not exposed in shared configurations.

Tips and common issues:\n- Ensure Netwrix Auditor API URL is reachable from the machine running the MCP server. Firewalls or TLS settings may require adjustments.\n- Use a dedicated Netwrix Auditor account with read permissions to avoid credential scope issues.\n- If Claude Desktop cannot locate the Netwrix Auditor tools after installation, restart Claude Desktop and verify that the MCP server entry is present in claude_desktop_config.json.\n- When using the local dotnet path, provide absolute paths in the configuration to avoid runtime path resolution errors.\n- For security, avoid embedding plaintext passwords in shared config files; prefer secure storage or environment-based secrets where supported by Claude Desktop.